Technical Information
Modifies file system
Creates the following files
- %TEMP%\8cda.tmp
Moves itself
- from <Full path to file> to <PATH_SAMPLE>.docx
Network activity
UDP
- DNS ASK ne###.##ficeapps.live.com
Miscellaneous
Creates and executes the following
- '%TEMP%\8cda.tmp' --ping<Full path to file> 6F7E0F63641F64ECB87351D976043946CE5192D1A400DD760C8229927A674998E42D8C1EBEAE691F71778893E087CE83912703A6634F880C00A090E0BD8C7537
Executes the following
- '%ProgramFiles(x86)%\microsoft office\office16\winword.exe' /n "<PATH_SAMPLE>.docx" /o ""
- '%TEMP%\8cda.tmp' --ping<Full path to file> 6F7E0F63641F64ECB87351D976043946CE5192D1A400DD760C8229927A674998E42D8C1EBEAE691F71778893E087CE83912703A6634F880C00A090E0BD8C7537' (with hidden window)
